The mission of the Information Security Department is to assure the confidentiality, integrity and availability of information, as appropriate. To this end, it is responsible for translating the risk appetite of the organisation into effective and efficient controls which (a) minimise impact to operations, (b) ensure better risk management, and (c) are compliant with regulations.
The Information Security Department is responsible and accountable for the development and implementation of the information security framework, to assist the Group’s efforts to protect its information assets.
The role of the head of Information Security includes the following (list is not exhaustive):
- Advise and provide recommendations to the Board on the development of an information security policy in line with the Group’s size and complexity of activities and information distribution channels.
- Advise and provide recommendations to senior management on the development and implementation of the Group’s information security program in the form of security policies, standards, guidelines, procedures and processes.
- Oversee the dissemination and implementation of the information security program institution-wide.
- Cooperate with the Bank’s business and support units and other internal control functions, for the effective implementation of security principles in the development of their policies and procedures.
- Develop and implement, in cooperation with the Risk Management Division, an information security risk assessment and management program.
- Participate in the activities required for the implementation of effective security controls in the Bank’s IT infrastructure and provide guiding principles to IT for the operation of network and information systems.
- Plan, organise and coordinate information security assessment activities throughout the institution.
- Monitor compliance with information security policies, standards, guidelines, processes and procedures.
The head of Information Security submits an annual report to the Board, through the Risk Committee. The report includes, among others, a summary of the most important information security risks the Bank faces at the time of reporting and a list of all important information security incidents and corrective actions taken to prevent recurrence.